blocking p2p on router 877

remi-reszka · ‎03-04-2009

Hi,

Can anyone suggest how can I effectively block p2p traffic like Ares, Limewire or other with Cisco IOS 12.4(6) or higher? I tried NBAR but I guess there is no PDLM available for Ares for instance.

Many thanks for any suggestions.

Remi

wangliwei_01 · ‎03-05-2009

if no PDLM,i think the router can block p2p very well,try to the PANABIT. you can google panabit,may be can help you

remi-reszka · ‎03-06-2009

Hi,

Thanks for the response. I searched for PANABIT and all I get is all results come with some chinese characters. I can't read anything. Wat's PANABIT anyway? How about using IPS to block all suspicious connections?

Thank.

zenon_electronics · ‎03-09-2009

Hi,

to block p2p traffic you need to block all ports except these you really need.

For example block all ports except http, https, smtp, pop3, dns.

Becouse some of the p2p applications use port 80 to connect there is an options in firewall(classic or Zone-Based Policy Firewall) called protocol-violation and port-missue!

This options prevent non-HTTP traffic over port 80.

For Zone-Based Firewall reffer to this link:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml

remi-reszka · ‎03-09-2009

Hi,

Sounds like a very good idea. I am already looking into the concept and config of the ZFW so it should be up and running very soon.

Thanks a lot for your suggestions.

zenon_electronics · ‎03-09-2009

You are welcome :)